Currently I'm learning Kubernetes. It's running on my laptop VBox. I plan to deploy it on 'real' network, but with verry limited public IP. So all API service and Ingress-Nginx will be on private IP address (i.e: 192.168.x.y)
My question is: Can I do the SSL termination on ingress-nginx if it behind HA-Proxy that only reverse-proxying TCP?
Note : The line in red is the only physical ethernet network with Public IP Address
Sincerely
-bino-
ingress is more like an API gateway (reverse proxy) which routes the request to a specific backend service based on, for instance, the URL.
SSL Termination is part of reverse proxy. Encrypting the traffic between clients and servers protects it as it crosses a public network like the Internet. But decryption and encryption can be computationally expensive. By decrypting incoming requests and encrypting server responses, the reverse proxy frees up resources on backend servers which they can then devote to their main purpose, serving content.
Reverse proxy as a website’s “public face.” Its address is the one advertised for the website, and it sits at the edge of the site’s network to accept requests from web browsers and mobile apps for the content hosted at the website.
For more information refer to this document.
HAProxy is a reverse proxy for TCP and HTTP applications. Users can make use of HAProxy to improve the performance of websites and applications by distributing their workloads. Performance improvements include minimized response times and increased throughput.
HAProxy Ingress Controller - It does all the heavy lifting when it comes to managing external traffic into a kubernetes cluster.